Error checking seal status using CLI - GET using curl works fine

Hi all,

I’m having some trouble using the CLI to communicate with my Vault instance at https://some.host.com:8200.

For instance, $ vault status yields:

Error checking seal status: Get "https://some.host.com:8200/v1/sys/seal-status": dial tcp: lookup some.host.com on 192.168.1.1:53: no such host

However, $ vault status -output-curl-string yields:

curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" https://some.host.com:8200/v1/sys/seal-status

Executing this statement yields the expected output:

{"type":"shamir","initialized":true,"sealed":true,"t":3,"n":5,"progress":0,"nonce":"","version":"1.6.1","migration":false,"recovery_seal":false,"storage_type":"file"}

I’m behind Zscaler Private Access. This might be the cause, but not really sure. Hence this post.

It seems the CLI tries to resolve the host, and gets stuck. I’m a bit in the dark here - any help would be much appreciated.

Thanks in advance.

Best,
poppash

Can you connect from your CLI via netcat or telnet?

Hi mikegreen, thanks for your reply. Not exactly sure if I understand you correctly - but SSH-ing to some.host.com and running $ vault status there yields expected results :slight_smile:

You need to verify that your CLI can hit the host on port 8200. SSH is not 8200. You need to use telnet or netcat to check if the port is open,
i.e., nc -zv host.foo.com 8200

Yes, I’m aware of that :slight_smile: Seems the port is open: Connection to some.host.com port 8200 [tcp/trivnet1] succeeded!

I can also visit the UI, make curl fetch the status, etc. It’s just the Vault CLI that seems to resolve to some IP it cannot use :frowning:

Error checking seal status: Get "https://some.host.com:8200/v1/sys/seal-status": dial tcp: lookup some.host.com on 192.168.1.1:53: no such host

This looks like a DNS problem (port 53…). Can you edit your /etc/hosts file, add your some.host.com with the correct IP and test the vault status again?
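The error quoted in this thread has the shape produced by Go's net package (the Vault CLI is written in Go): a url.Error wrapping a net.OpError wrapping a net.DNSError. The following is an added example, not part of the thread or of Vault's code; it rebuilds that error from constructed values and classifies it by layer, with `Triage`, `classify` and `sampleError` being hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Triage records which layer a client error came from.
type Triage struct {
	Layer  string // "dns", "connect" or "other"
	Host   string // name that failed to resolve (dns only)
	Server string // resolver that was queried (dns only)
}

// classify walks the wrapped error chain instead of matching on text.
func classify(err error) Triage {
	var dnsErr *net.DNSError
	if errors.As(err, &dnsErr) {
		return Triage{Layer: "dns", Host: dnsErr.Name, Server: dnsErr.Server}
	}
	var opErr *net.OpError
	if errors.As(err, &opErr) && opErr.Op == "dial" {
		return Triage{Layer: "connect"}
	}
	return Triage{Layer: "other"}
}

// sampleError rebuilds the error from the thread (constructed, no network used).
func sampleError() error {
	return &url.Error{
		Op:  "Get",
		URL: "https://some.host.com:8200/v1/sys/seal-status",
		Err: &net.OpError{Op: "dial", Net: "tcp", Err: &net.DNSError{
			Err: "no such host", Name: "some.host.com",
			Server: "192.168.1.1:53", IsNotFound: true,
		}},
	}
}

func main() {
	err := sampleError()
	fmt.Println(err)
	fmt.Printf("%+v\n", classify(err))
}
```

A "dns" result means the dial failed during name lookup, before any connection to port 8200 was attempted, and the Server field names the resolver that gave the answer.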